432 matches found
CVE-2023-35798 Airflow Apache ODBC and MSSQL Providers Arbitrary File Read Vulnerability
Input Validation vulnerability in Apache Software Foundation Apache Airflow ODBC Provider, Apache Software Foundation Apache Airflow MSSQL Provider.This vulnerability is considered low since it requires DAG code to use getsqlalchemyconnection and someone with access to connection resources...
CVE-2023-35798
The CVE affects Apache Airflow ODBC Provider (before 4.0.0) and Apache Airflow MSSQL Provider (before 3.4.1). The issue is an input-validation/arbitrary file-read vulnerability exposed when DAG code uses get_sqlalchemy_connection, allowing access to files via resource updates. Impact is described...
CVE-2023-35798 Airflow Apache ODBC and MSSQL Providers Arbitrary File Read Vulnerability
Input Validation vulnerability in Apache Software Foundation Apache Airflow ODBC Provider, Apache Software Foundation Apache Airflow MSSQL Provider.This vulnerability is considered low since it requires DAG code to use getsqlalchemyconnection and someone with access to connection resources...
PT-2023-3656 · Apache · Apache Airflow Mysql Provider +1
Name of the Vulnerable Software and Affected Versions: Apache Airflow ODBC Provider versions prior to 4.0.0 Apache Airflow MSSQL Provider versions prior to 3.4.1 Description: The issue is related to insufficient input validation in the Apache Airflow MSSQL Provider and Airflow ODBC Provider...
msLDAPDump - LDAP Enumeration Tool
msLDAPDump simplifies LDAP enumeration in a domain environment by wrapping the lpap3 library from Python in an easy-to-use interface. Like most of my tools, this one works best on Windows. If using Unix, the tool will not resolve hostnames that are not accessible via eth0 currently. Binding...
CVE-2023-30557 SQL injection in data_dictionary.py table_info method in Archery - GHSL-2022-106
Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities, that may allow an attacker to query the connected databases. Affected versions are subject to SQL injection in the datadictionary.py tableinfo. User input coming from the dbname in a...
CVE-2023-0620
A flaw was found in HashiCorp Vault and Vault Enterprise, which are vulnerable to SQL injection. This flaw allows a local authenticated attacker to send specially-crafted SQL statements to the Microsoft SQL MSSQL Database Storage Backend, which could allow the attacker to view, add, modify, or...
CVE-2023-1574
Information disclosure in the user creation feature of a MSSQL data source in Devolutions Remote Desktop Manager 2023.1.9 and below on Windows allows an attacker with access to the user interface to obtain sensitive information via the error message dialog that displays the password in clear text...
CVE-2023-1574
Information disclosure in the user creation feature of a MSSQL data source in Devolutions Remote Desktop Manager 2023.1.9 and below on Windows allows an attacker with access to the user interface to obtain sensitive information via the error message dialog that displays the password in clear text...
Information disclosure
Information disclosure in the user creation feature of a MSSQL data source in Devolutions Remote Desktop Manager 2023.1.9 and below on Windows allows an attacker with access to the user interface to obtain sensitive information via the error message dialog that displays the password in clear text...
Fingerprintx - Standalone Utility For Service Discovery On Open Ports!
fingerprintx is a utility similar to httpx that also supports fingerprinting services like as RDP, SSH, MySQL, PostgreSQL, Kafka, etc. fingerprintx can be used alongside port scanners like Naabu to fingerprint a set of ports identified during a port scan. For example, an engineer may wish to scan...
HashiCorp Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File
HashiCorp Vault and Vault Enterprise versions 0.8.0 until 1.13.1 are vulnerable to an SQL injection attack when using the Microsoft SQL MSSQL Database Storage Backend. When configuring the MSSQL plugin, certain parameters are required to establish a connection schema, database, and table are not...
GHSA-V3HP-MCJ5-PG39 HashiCorp Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File
HashiCorp Vault and Vault Enterprise versions 0.8.0 until 1.13.1 are vulnerable to an SQL injection attack when using the Microsoft SQL MSSQL Database Storage Backend. When configuring the MSSQL plugin, certain parameters are required to establish a connection schema, database, and table are not...
CVE-2023-0620
HashiCorp Vault and Vault Enterprise versions 0.8.0 through 1.13.1 are vulnerable to an SQL injection attack when configuring the Microsoft SQL MSSQL Database Storage Backend. When configuring the MSSQL plugin through the local, certain parameters are not sanitized when passed to the user-provide...
CVE-2023-0620
HashiCorp Vault and Vault Enterprise versions 0.8.0 through 1.13.1 are vulnerable to an SQL injection attack when configuring the Microsoft SQL MSSQL Database Storage Backend. When configuring the MSSQL plugin through the local, certain parameters are not sanitized when passed to the user-provide...
Sql injection
HashiCorp Vault and Vault Enterprise versions 0.8.0 through 1.13.1 are vulnerable to an SQL injection attack when configuring the Microsoft SQL MSSQL Database Storage Backend. When configuring the MSSQL plugin through the local, certain parameters are not sanitized when passed to the user-provide...
CVE-2023-0620
HashiCorp Vault/Vault Enterprise versions 0.8.0–1.13.1 are vulnerable to SQL injection when configuring the Microsoft SQL (MSSQL) Database Storage Backend. In the MSSQL plugin configuration, certain parameters are not sanitized before being passed to the backend, allowing a local attacker to modi...
PT-2023-8746 · Microsoft +2 · Sql +3
Name of the Vulnerable Software and Affected Versions: HashiCorp Vault and Vault Enterprise versions 0.8.0 through 1.13.1 Description: The issue is related to an SQL injection attack when configuring the Microsoft SQL MSSQL Database Storage Backend. Certain parameters are not sanitized when passe...
CVE-2023-1574
Information disclosure in the user creation feature of a MSSQL data source in Devolutions Remote Desktop Manager 2023.1.9 and below on Windows allows an attacker with access to the user interface to obtain sensitive information via the error message dialog that displays the password in clear text...
CVE-2023-1574
Information disclosure in the user creation feature of a MSSQL data source in Devolutions Remote Desktop Manager 2023.1.9 and below on Windows allows an attacker with access to the user interface to obtain sensitive information via the error message dialog that displays the password in clear text...